Integrated circuit

ABSTRACT

A single chip processor for use in a smart card has a plurality of instruction memory areas and a processor. Different instructions sets are selectively executable in response to a signal defining a memory area from which instructions are supplied. Preferably instruction and data memory areas are addressable as pages, wherein a page address cannot be directly accessed by a subset of instructions. The processor may include a central processing unit and a cryptographic logic unit which operate at different times and share common instruction memory and sequencing logic. Instructions are supplied to said cryptographic logic unit at an integer multiple of the rate at which they are supplied to said central processing unit.

The present invention relates to a single chip integrated circuit having processing means arranged to process instructions.

BACKGROUND OF THE INVENTION

Portable data carrying devices having non-volatile storage configured to store secure data are known. An international standard has been developed relating to devices of this type having a size and configuration substantially similar to that of conventional credit cards. In addition to non-volatile storage, cards of this type may also be provided with a processing facility and in this configuration they have become generally known as "smart cards".

Data stored on smart cards may be used to represent many entities and cards of this type have become particularly popular for the storage of money tokens, where data held on the cards represents negotiable money as a replacement for negotiable notes and coinage. Money transactions using the card may be effected by the use of suitable terminal equipment, for example located beside a conventional cash register. A transaction involves reducing a data value on the card, and increasing a data value at a remote location, via the terminal. Cards may hold data values representing a finite amount of money. Transactions may also involve incrementing a money token on the card, while reducing a money token at a remote location, thereby increasing the amount of money represented on the card.

An IC card including a processor, a first memory for storing a system programme and a second memory for storing an application programme is disclosed in European patent publication No 0356257. A third memory is provided for storing data processed by the processor and an input\output unit is provided for effecting input and output operations of programmes and data. The device includes a programme stop section for stopping the programme being executed on the processor at a specified address and a data output section for supplying the input\output unit with either one of a content of a register in the processor and the content of an area of an address of at least one of the first, second or third memories while the programme running on the processor is stopped.

Equipment may also be provided to transfer money directly from one card to another. Money transactions involve reducing a data count on one card while effecting a similar data increment on a cooperating card. Thus, in this way, the data held on both cards subsequent to a transaction taking place is consistent with a particular sum of money being transferred from one to the other.

A variety of financial transactions may therefore be effected by the use of smart cards, and over a variety of terminal equipment from a diverse range of shopping outlets and financial service providers. It is essential that an extremely high level of security is provided during such transactions, in order to avoid the possibility of electronic counterfeiting or other mischief.

A high security IC card is disclosed in European patent publication No 0636998. The IC card has a read only memory for storing an operation command and re-loadable memory for storing a plurality of control commands. A selecting unit selects control commands stored in the read only memory and one of the control commands stored in the re-loadable memory. The control unit for driving the IC card in accordance with the selected control commands is provided and the card provides high security such that it is capable of holding confidentiality of various commands. The card can be realised in a form which is adaptable to various application systems used for the IC card without re-writing the data in the read only memory and can provide high general versatility.

This requirement for high security places a limitation on the functionality of a smart card. In order for approval of its use by a financial institution or a governing authority, the operations of the smart card must be shown to conform to a number of established highly secure protocols. Smart card functionality is therefore restricted at the time of manufacture in order to gain acceptance for its widespread use in the sensitive area of financial transactions. Thus, in known smart card systems, it is necessary to anticipate the precise functional requirements of a particular smart card before manufacture and distribution can commence.

These functional requirements include the definition of highly secure protocols. It has been shown that, given sufficient organisation of computing resources on a world wide scale, it is possible to crack at least one of the currently established highly secure protocols. With the exponential trend in the availability of computing power, it becomes increasingly difficult to define a particular set of secure protocols which will remain unbreakable over a period of time. Thus, it has become accepted that at one time or another, an established security protocol may be broken, particularly because future technological trends are impossible to predict with certainty, even over a period of a few years.

Given these difficulties, existing smart cards leave open the possibility that an entire financial transaction structure may be undermined by a single unforeseeable change in the amount of computing power available to a determined individual.

In order to reduce the likelihood of this occurring, secure protocols are continuously reviewed and developed. By having the freedom to update and change secure protocols whenever necessary, financial institutions and other security conscious agencies can stay one step ahead of those trying to steal their information, or at least minimise the amount of damage which may be done when such an event has been discovered.

With existing highly secure smart cards, it is dangerous to transfer new instructions to the card after the card has been manufactured. This is because the instructions define the full functionality of the card, and it may be impossible to prevent illegal instructions from being transferred to a smart card, which may then be used in an unauthorised manner to gain access to money or information for which the user of the card has no right of access. Thus, when a bank requires a change in the security protocol operating with an existing smart card, it is necessary to throw away the existing card and replace it with a completely new one.

Smart cards may contain a very useful computational resource, which may be used for other applications in addition to purely financial transactions. Such applications may include the use of cards for recreational purposes such as the playing of games. Systems have been developed in which cards are used within a game playing device arranged to derive games from the card while allowing users' scores to be retained securely within the card. Furthermore, given a level of processing facility within the card, as is known within established smart cards, it is possible for third party instructions to be executed by the card thereby significantly enhancing the card's functionality.

Thus, it would be possible to manufacture cards that are suitable for new applications developed in the future given that the entire functionality of a particular application would be embodied within newly created third party instructions. The card would provide a new computing platform allowing developers to produce new applications without requiring modification to fixed smart card instructions. However, receiving third party executable instructions, possibly during an interactive operation, is not possible within existing smart cards which are used for financial or other secure transactions, given the requirement for a highly secure protocol.

SUMMARY OF THE INVENTION

According to a first aspect of the present invention, there is provided a single chip integrated circuit having processing means arranged to process instructions supplied from storage means, characterised in that said storage means comprises a first storage region and a second storage region; instructions are selectively supplied to said processing means from said storage regions; and enabling means are arranged to enable said processing means to be responsive to privileged instructions if said instructions are received from said first storage region, and to disable said processing means from being responsive to said privileged instructions if said instructions are received from said second storage region.

In a preferred embodiment, the single chip is encapsulated in a smart card and said second instruction storage region is configurable to receive instructions from a smart card terminal.

Preferably, a paged addressing means is included, arranged to supply addresses to an instruction storage region, wherein said paged addressing means is changeable only by protected instructions supplied from said first storage region.

In a preferred embodiment, the circuit has a plurality of processing means wherein said first storage region includes multiplexing means arranged to select destination processing means for instructions. A first destination processing means may be arranged to receive and decode instructions from said first storage region at a first instruction rate and a second destination processing means may be arranged to receive and decode instructions from said first storage region at a second instruction rate.

According to a second aspect of the present invention, there is provided a method of processing instructions read from storage means, characterised in that said storage means comprises a first storage region and a second storage region; instructions are selectively supplied to said processing means from said storage regions; and enabling means are arranged to enable said processing means to be responsive to privileged instructions if said instructions are received from said first storage region, and said enabling means are arranged to disable said processing means from being responsive to said privileged instructions if said instructions are received from said second storage region.

In a preferred embodiment, the processing means is a cryptographic processing means.

DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a smart card terminal, a communications link and a mainframe computer;

FIG. 2 shows a portable smart card transaction device, including two smart cards;

FIG. 3 details a smart card of the type shown in FIG. 2, and compatible with the smart card terminal shown in FIG. 1;

FIG. 4 details a known design for a silicon chip in a conventional smart card, including an instruction memory area and a central processing unit;

FIG. 5 details instruction sequences stored in the instruction memory area shown in FIG. 4;

FIG. 6 details the instruction fetch and decode sequence as performed by the central processing unit shown in FIG. 4;

FIG. 7a details an improved design for a silicon chip in a smart card, including a privileged instruction memory, a non-volatile instruction memory and a central processing unit having a selective instruction decoder;

FIG. 7b details connections to the selective instruction decoder shown in FIG. 7a;

FIG. 8 details contents of the privileged instruction memory and the non-volatile instruction memory shown in FIG. 7a;

FIG. 9a details the instruction fetch and decode cycle as performed by hardware in the central processing unit shown in FIG. 7a, including calling an exception handling procedure;

FIG. 9b details the exception handling procedure shown in FIG. 9a;

FIG. 10 lists protected and unprotected instructions which are decodable by the selective instruction decoder shown in FIG. 7a;

FIG. 11 details a preferred embodiment of the invention, including a cryptographic logic unit, connected to a privileged instruction memory by a microcode bus;

FIG. 12 details multiplexing arrangements for supplying instructions from the privileged instruction memory shown in FIG. 11 to the microcode bus;

FIG. 13a details temporal reordering of a thirty-two bit microcode received by the cryptographic logic unit shown in FIG. 11, including individual instruction bytes;

FIG. 13b details decoding protocols for the bytes shown in FIG. 13a, including a five bit instruction word;

FIG. 13c details decoding logic of the five bit instruction word shown in FIG. 13b; and

FIG. 14 shows clock circuitry arranged to generate a high frequency clock signal for the cryptographic logic unit shown in FIG. 11.

THE PREFERRED EMBODIMENT

The invention will now be described by way of example only with reference to the accompanying drawings identified above.

A terminal for allowing smart card transactions is shown in FIG. 1. The terminal 101 includes a slot 102 for receiving a smart card, and a visual display unit 103 for providing the smart card user with options and instructions for use. The user of the smart card responds to displayed options and instructions by pressing buttons 104, which are arranged to enable the user to provide numerical and functional input data. A cash slot 105 is provided in the event that the user should wish to translate money represented by data stored on the smart card into conventional cash.

The smart card terminal 101 communicates with a large computer 107 via a communications link 106. The computer 107 includes a large amount of data storage capacity in the form of arrays of hard disk drives 108. A computer terminal 109 enables an operator of the computer 107 to control access provided to smart card users via the smart card terminal 101. For example, if a smart card is stolen, a computer operator may instruct the computer 107 not to authorise any subsequent transfer of money to the card from the owner's account.

Smart cards may be used to exchange money tokens using appropriate equipment, such as that shown in FIG. 1. Alternatively, a smaller terminal may be located alongside a supermarket checkout counter, so that a smart card may be used instead of cash. Thus, when paying for goods, the amount of money stored on the smart card is reduced. The terminal shown in FIG. 1 may be used to transfer money from the user's account, into the smart card. In this way, the same smart card may be discharged and recharged with amounts of cash, at the user's convenience.

Money may be exchanged directly from one smart card to another using the portable exchange device shown in FIG. 2. The portable hand held exchange device is arranged to receive a first smart card 201 and a second smart card 202. The device includes a keyboard 203 and a display device 204, providing a user interface to allow smart card users to insert their cards into the device and to specify an amount of financial token data to be exchanged between the smart cards, along with an indication of the direction of exchange. In addition, the device may also be used by the respective parties to the transaction for them to enter their personal identification numbers, as may be required in order to authorise a transaction between cards 201 and 202.

Devices are also available for effecting transactions of this type over networks, allowing an immediate exchange of funds to be made without the physical transfer of notes or coinage etc. Networks may be insecure, such as the Internet. However, appropriate cryptographic techniques, such as public key signature authentication, may be used to facilitate secure transfer of funds nevertheless.

The structure of the smart card 201 shown in FIG. 2 is detailed in FIG. 3. The smart card 201 has physical dimensions substantially similar to a conventional credit card. The card is relatively flexible and the circuitry within the card is constructed so as to be resilient to modest degrees of flexing.

The card 201 includes communication terminals 302 allowing communication with external devices. In particular, these terminals include a terminal for receiving a two point seven to five point five volt power supply, a ground connection, a clock and a reset connection. These communication terminals 302 consist of flat, gold-plated areas of metal, which are fabricated in accordance with an international standard for smart cards. Thus cards may be interchangeable and facilitate data transfer in accordance with established protocols.

The communication terminals 302 are electrically connected and bonded on the reverse side to a single silicon chip which is embedded within the smart card substrate. Only the communication terminals 302 are actually visible on the surface of the smart card, with the rest of the surface typically used for the cardholder's identity, and a company logo.

The smart card is constructed in such a way that a degree of flexing of the card is permissible, without any damage being done to the circuit. The use of a single silicon chip 303, on which all circuitry resides, concentrates important functionality into a small square area. This contributes to the physical resilience of the smart card. Importantly, the area of silicon which is used for the chip must be minimised in order to reduce the cost of manufacture, and furthermore to decrease the likelihood of chip failure in the field, which is itself related to the area occupied by silicon circuitry.

A block diagram of known circuitry which is integrated onto the smart card chip is shown in FIG. 4. A central processing unit (CPU) 409 is connected to the communications terminals 302 of the smart card. The central processing unit 401 is also connected to three areas of memory. The instruction memory 402 contains permanent unchangeable patterns of data in the form of a read only memory (ROM). These patterns of data are arranged in groups of eight bits, forming a byte.

When the smart card is operating, the central processing unit 401 automatically supplies a sequence of memory addresses to the instruction memory 402 over an address bus 405. In a typical smart card, the address bus represents twelve individual address bits, allowing addressing of up to four thousand and ninety-six different memory locations. In response, the instruction memory 402 supplies a byte from each sequentially addressed location back to the central processing unit 401, where they are decoded as instructions by an instruction decoder 409. The instruction decoder coordinates operations within the central processing unit 401, such that useful calculations may be performed between registers 407 and an arithmetic and logic unit (ALU) 408. The instruction decoder 409 may also modify the sequence of addresses supplied to the instruction memory 402, thus permitting a jump to a different sequence of instructions held therein. This jump may be conditional upon the result of a calculation performed by the arithmetic and logic unit 401.

In order to make use of larger amounts of data than can be held in the registers 407, the address bus 405 can also supply addresses to a non-volatile data memory 403 and a volatile data memory 404. The non-volatile data memory 403 is fabricated in a technology known as electrically erasable programmable read only memory (EEPROM), in which a memory location is set or cleared by a process of hot electron injection or Fowler-Nordheim tunnelling respectively, as is known in the art. Modifying data stored in the non-volatile data area 403 may take several milliseconds, whereas reading a byte of data is typically achieved in less than two hundred and fifty nanoseconds. Other non-volatile memory technologies may be used, such as Ferro-electric random access memory (FRAM).

The non-volatile data memory 403 is used to store changeable customer data, such as the amount of money stored by the card, and customer specific data, such as the customer's account number. Both these types of information may be encrypted, and require a pair of decryption keys, stored in the non-volatile data memory 403, to be supplied either manually or electronically from some external source, whenever a transaction is required.

The volatile data memory 404 is fabricated as a matrix of random access memory (RAM) cells. This retains its contents only for as long as the smart card has a power supply, and therefore loses its contents when the smart card is removed from the transaction slot 102. A location in the volatile data memory 404 may be written to or read from at a high speed, typically in less than two hundred and fifty nanoseconds. This area of memory is used for storing intermediate results from complex calculations, for example those which are performed during data encryption or decryption.

The data supplied by the non-volatile memory 403 or the volatile memory 404 to the data bus 406 is not interpreted as an instruction by the instruction decoder 409, and is instead supplied to one of the registers 407. Thereafter calculations may be performed on the data, and results returned to one of the data memories 403 or 404, by placing an appropriate address on the address bus 405, supplying a write signal to the respective memory area and supplying the data to the data bus 406 for the period of time required by the memory for a write cycle to be performed. The write cycle time may be five milliseconds for the non-volatile data memory 403, or a couple of hundred nanoseconds for the volatile data memory 404.

A representation of instructions contained in the instruction memory 402 is shown in FIG. 5. An operating system contains a number of subroutines, such as multiplication, division, and possibly certain types of encryption algorithm, such as the Data Encryption Standard (DES). A third party application 503, also stored in the same instruction memory 402, makes use of the subroutines provided by the operating system 502. The operating system also communicates with instructions for serial communications 504, which provide the ability to transfer information to and from the outside world via the smart card terminals 302.

The basic operations performed by the instruction decoder 409 in a smart card chip are summarised in the flow chart shown in FIG. 6. In process 601, an instruction code is fetched from the instruction memory 402, by supplying an appropriate address on the address bus 405, and then transferring data from the data bus 406 to the instruction decoder 409. At process 602, the instruction is decoded. Typically, this includes accessing a small read only memory in the instruction decoder, which has a large number of output data lines, which are then supplied, via a pipeline register, to control the various electronic components that comprise the rest of the central processing unit 401.

In process 603, the decoded instruction supplied to the pipeline register in the instruction decoder is actively supplied to the rest of the central processing unit circuitry, thus executing the instruction. At process 604, the address of the next instruction in the instruction memory is calculated, usually by adding one to the previous value. Thereafter, processes 601 to 604 are repeated indefinitely, thus enabling sequences of instructions to be executed.

It should be noted that instructions are decoded regardless of the sequence, and hence the functionality, of which they form a part. In this important respect, the central processing unit 401 cannot distinguish between instruction sequences provided from different sources, i.e. third parties 503, or instructions which form part of the operating system 502. Thus, it is theoretically possible for instructions to be written which simulate the operations of known third party instructions, but which are modified, for example, in order to illegally increase the value of money stored by the card.

Since money is represented by a pattern of electrical charge on a silicon chip, the amount which might be stolen has no physical limit. In this type of theft, the money on the card would be increased, while the amount in a bank account would remain the same, and the theft may remain undetected for this reason. There are several techniques for ensuring that such tampering will be extremely difficult to achieve, for example by extensive use of signature authentication by public key cryptography, as is known. However, the only sure way to prevent this type of fraud is to make it impossible to modify instructions held in the instruction memory 402.

Another problem occurs when multiple applications share the same smart card instruction memory. Certification is then required to ensure that instructions from different applications do not attempt any form of unauthorised access. This certification is extremely difficult, and therefore effectively rules out the use of flexible down-loadable instructions after the card has been manufactured.

For this reason, known smart card chips holding multiple applications which are used for secure financial transactions have instructions stored only in read only memory. Thus, it will be known at the time the card is distributed that application instructions are compatible and will not attempt to interfere with each other. This, however, places a restriction on the functionality of the smart card, which must therefore be entirely defined before it is distributed for use. Furthermore, should a bank or other financial institution wish to update security procedures in use on their smart cards, existing cards must be replaced, involving considerable cost.

An improved memory arrangement for a smart card chip is shown in FIG. 7a. Instructions may be supplied from a privileged instruction memory 702, which is a read only memory area, or from a non-volatile instruction memory 703, which is an electrically erasable read only memory.

A page register 715 defines the most significant eight bits of the address supplied to the privileged instruction memory 702, and an offset register defines the least significant eight bits of the address supplied to the privileged instruction memory 702.

In normal operation, the offset register 716 or the offset register 718 increments automatically each time an instruction is fetched. Thus, the address bus 709 is only required to define the contents of the page register 715 or the offset register 716, when a jump to a different set of instructions is required.

The privileged instruction memory 702 is a read only memory area, whose contents are defined before the card is manufactured and distributed. The non-volatile instruction memory 703 may have its contents changed after the card has been distributed. For example, instructions may be updated during an interactive session with the terminal 101 shown in FIG. 1, with new instructions supplied from the large computer 107 at a remote site. The central processing unit 701, shown in FIG. 7a, includes a selective instruction decoder 710. The central processing unit has a number of possible instructions, which are referred to as an instruction set. The selective instruction decoder 710 only allows the full set of instructions to be executed from the privileged instruction memory 702. Certain instructions, particularly those which modify or read any of the page registers 715, 717, 719 or 721, are prevented from being used when they are supplied from the non-volatile instruction memory 703.

The central processing unit 701 shown in FIG. 7a is further detailed in FIG. 7b. An instruction source controller 751 selects the instruction memory from which the sequence of instructions is fetched. A control line 752 controls circuits to select instructions from the privileged instruction memory 702, and a second control line 753 controls circuits to select instructions from the non-volatile instruction memory 703. The control line 752 for selecting the privileged instruction memory 702 is also supplied to the selective instruction decoder 710. Selecting circuits therein enable the full set of instructions for the central processing unit 701 to be accessed when the control line 752 is activated.

A representation of instructions stored in the two instruction memory areas 702 and 703 shown in FIG. 7a, is shown in FIG. 8. Operating system instructions 801 and serial communications instructions 802 are stored in read only memory in the privileged instruction memory 702. Only these instructions have full access to the instruction set, and hence the ability to change the contents of any of the page registers 715, 717, 719 and 721. Third party applications 803 and 804, which may have been received through a transfer at the terminal 101, are unable to access the full instruction set, because they are stored in the non-volatile memory 703.

By preventing a third party application from changing a page register, or jumping to an instruction in another memory area, privileged instructions may control the type of operations performed by third party applications. For example: if third party application 803 is stored in a portion or page of non-volatile instruction memory 703 indexed by a particular page register value, it cannot directly read or jump to an instruction in third party application 804, which is stored in a different page of non-volatile instruction memory 703. Furthermore, page registers 719 and 721 shown in FIG. 7a cannot be directly modified by a third party application.

Thus a third party application is restricted to accessing data or instructions in a particular page of memory. If an application legitimately requires access to memory in a different page to that which has been allocated, this may be done, but only after arbitration by an exception handling subroutine which is executed automatically from the privileged instruction memory 702, whenever an attempt is made to use a privileged instruction from the non-volatile instruction memory 703.

The operations performed by the hardware of the central processing unit 701 when fetching instructions are summarised as a flow chart in FIG. 9a. In process 901 an instruction is fetched from either instruction memory area 702 or 703. In process 902, a question is asked as to whether the fetched instruction is from the privileged memory area 702. This question process is performed in hardware terms by controlling decoding circuitry by the control line 752 as shown in FIG. 7b. If the instruction is from the privileged instruction memory 702, control is directed to process 905. Thereafter the instruction is decoded, and executed in process 906. In process 907 the next address is generated, which is a hardware operation performed either in the offset and page registers of the respective instruction memory area, or alternatively, if a jump is to be performed, in conjunction with other circuitry on the chip.

In process 903 it is known that the present instruction has been supplied from the non-volatile instruction memory 703. A question is therefore asked, again performed by hardware circuits, as to whether the instruction is protected or not. If the instruction is not protected, control is directed to process 905. Alternatively control is directed to process 904, which results in a special sequence of events in hardware and in terms of supplied instructions, which are together referred to herein as an exception.

Thus, when an application attempts to change a page register using a protected instruction, the central processing unit 701 automatically forces a jump to an exception handling instruction sequence which is stored in the privileged instruction memory 702. This instruction sequence is summarised in FIG. 9b. In process 921 a question is asked as to whether the third party application is authorised to access the requested area of memory. This question typically involves a sequence of conditional instructions being executed in response to a series of comparisons between data stored in either of the data memories 704 or 705. It should be noted that data for these comparisons should at least partly be held in pages to which the third party application does not have access, thereby preventing any form of unwarranted access.

If the instruction is authorised, the operating system executes the instruction itself, via process 923, whereafter control is returned to the third party application program. Alternatively, the exception handler does not authorise the request. This indicates either an error condition, or a deliberate attempt to break into a restricted area of memory. In process 922 the chip may be reset, or some other emergency procedure performed, such as clearing of any non-encrypted data in the volatile memory area 705.

The set of instructions executable by the central processing unit 701 is shown in FIG. 10. Protected instructions, executable only from privileged instruction memory 702, are shown in FIG. 10. These include RST, reset, which resets the chip. When performed as part of an exception handling routine, as shown in FIG. 9a, this has the effect of disabling the third party application instructions, and initialising hardware circuits to those conditions which would otherwise be encountered only after power has been initially applied to the smart card. The first instructions to be fetched and executed will be those starting at address zero in the privileged instruction memory 702.

Other protected instructions include instructions to read or write page registers. SETPG MS allows the contents of the page register 717 to be defined. In the terminology adopted for the mnemonics, MS stands for module space, meaning the non-volatile instruction memory 703, in which third party applications, or modules, are stored. Binary Interface Space is the terminology used to describe the privileged instruction memory 702, in which operating system or interface instructions are stored. Additional protected instructions include those which allow the central processing unit to write to the non-volatile instruction memory 703, known in the terminology of the mnemonics as module space. Thus, only the operating system is able to load applications. It is also able to erase them when they are no longer wanted, to make way for an update or a different third party application.

Non-protected instructions are listed in FIGS. 10b and 10c. These include instructions used for binary arithmetic, such as adding to an accumulator, subtracting from an accumulator and so on, and instructions which may modify certain offset registers.
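The fetch path of FIG. 9a, the exception sequence of FIG. 9b and the RST and SETPG MS mnemonics described above can be put together as a small behavioural model. The C below is an added example written for this page, not circuitry or firmware from the patent: the opcode subset, the `allowed_pages` bitmask standing in for the authorisation data that the text says is held in pages the application cannot address, and the choice of a full reset as the emergency procedure are all assumptions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Instruction memory areas: 702 is the privileged (Binary Interface Space)
 * memory, 703 the non-volatile module space holding third party applications. */
enum mem_area { PRIV_MEM = 702, MODULE_MEM = 703 };

/* A small subset of the instruction set. RST and SETPG MS are protected
 * (FIG. 10); ADD stands for the non-protected arithmetic group (FIGS. 10b/10c). */
enum opcode { OP_NOP, OP_ADD, OP_SETPG_MS, OP_RST };

/* What the hardware did with the fetched instruction (FIG. 9a / FIG. 9b). */
enum outcome { EXEC_DIRECT, EXEC_BY_HANDLER, RESET_BY_HANDLER };

struct cpu {
    uint8_t       acc;              /* accumulator */
    uint8_t       page_reg_ms;      /* page register 717 (module space page) */
    uint8_t       volatile_mem[8];  /* stands in for volatile data memory 705 */
    enum mem_area pc_area;          /* memory area the next fetch comes from */
    uint16_t      pc;               /* next instruction address */
    uint32_t      allowed_pages;    /* hypothetical: bitmask of module space pages the
                                       running application may select; the patent only
                                       says this data lives in pages the application
                                       itself cannot address */
    int           resets;           /* how many resets were forced */
};

static bool is_protected(enum opcode op)
{
    return op == OP_SETPG_MS || op == OP_RST;
}

/* Process 906: execute with operating-system privilege. */
static void execute(struct cpu *c, enum opcode op, uint8_t operand)
{
    switch (op) {
    case OP_ADD:      c->acc += operand;        break;
    case OP_SETPG_MS: c->page_reg_ms = operand; break;
    case OP_RST:
        /* Power-on state: volatile data cleared, page register zero,
         * next fetch from address zero of the privileged memory.     */
        memset(c->volatile_mem, 0, sizeof c->volatile_mem);
        c->acc = 0;
        c->page_reg_ms = 0;
        c->pc_area = PRIV_MEM;
        c->pc = 0;
        c->resets++;
        break;
    case OP_NOP:      break;
    }
}

/* Process 904 / FIG. 9b: the exception handler in privileged memory decides
 * whether to perform the protected instruction on the application's behalf
 * (process 923) or to treat it as an error or break-in attempt (process 922). */
static enum outcome exception_handler(struct cpu *c, enum opcode op, uint8_t operand)
{
    bool authorised = op == OP_SETPG_MS && operand < 32 &&
                      ((c->allowed_pages >> operand) & 1u);
    if (authorised) {
        execute(c, op, operand);
        return EXEC_BY_HANDLER;
    }
    /* Emergency procedure chosen here: reset, which also clears volatile data. */
    execute(c, OP_RST, 0);
    return RESET_BY_HANDLER;
}

/* One pass through FIG. 9a for an instruction already fetched from 'src'
 * (the source area is signalled in hardware by control line 752).       */
static enum outcome step(struct cpu *c, enum mem_area src, enum opcode op, uint8_t operand)
{
    if (src == PRIV_MEM || !is_protected(op)) {   /* 902 / 903 -> 905, 906 */
        execute(c, op, operand);
        return EXEC_DIRECT;
    }
    return exception_handler(c, op, operand);     /* 903 -> 904 */
}

int main(void)
{
    struct cpu c = {0};
    c.pc_area = PRIV_MEM;
    c.allowed_pages = 1u << 2;     /* this application may select page 2 only */

    enum outcome ok = step(&c, MODULE_MEM, OP_SETPG_MS, 2);
    printf("SETPG MS 2 from module space -> outcome %d, page %u\n", ok, c.page_reg_ms);
    enum outcome bad = step(&c, MODULE_MEM, OP_SETPG_MS, 7);
    printf("SETPG MS 7 from module space -> outcome %d, resets %d\n", bad, c.resets);
    return 0;
}
```

The point the model makes is that the same SETPG MS byte is executed directly from privileged memory, is executed on the application's behalf from module space when the handler finds it authorised, and otherwise leaves the chip in the power-on state with volatile data cleared; there is no path from module space to the page register that bypasses the handler.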

In addition to preventing unwarranted interference from third party applications, the invention prevents unwarranted corruption of one third party application by another. The invention thereby provides a secure mechanism for multi-application support in hardware. This also simplifies third party application development: instead of requiring every application to trust every other application to behave correctly with respect to secure data, it is only necessary to rely on the hardware protection mechanism, which will have been subject to many tests and can form the basis for many future product variants.

Although the preferred embodiment stores third party applications in non-volatile memory, the invention provides similar advantages when used for volatile memory, for example when multiple applications are loaded during a single session.

In the preferred embodiment, the smart card chip includes additional circuitry primarily aimed at improving the efficiency and speed of performing encryption and decryption. Furthermore, the central processing unit, memories and instruction sequencing logic are implemented in accordance with the methodology known as reduced instruction set computer (RISC). Features of the preferred embodiment are shown in FIG. 11. The major difference between this and the arrangement shown in FIG. 7a is the addition of a cryptographic logic unit (CLU) 1101.

In addition to the cryptographic logic unit 1101, additional page and offset registers 1104, 1105, 1106, 1107, 1108 and 1109 are provided to speed up certain types of memory operations. The page and offset register pair 1104 and 1105 are used to provide fast context switching for subroutines executed from within the privileged instruction memory 702. When a subroutine is called, a new instruction memory address is generated from the subroutine address register pair 1104 and 1105, while the return address from the subroutine is maintained in the original address register pair 715 and 716. A corresponding pair of registers 1106 and 1107 is used to provide fast context switching for data when a subroutine is called. Thus, when a subroutine is called from within privileged instruction memory, both instructions and data have an immediate change of context, which may be reversed on the return from the subroutine instructions.

The volatile data memory 705 also includes a further additional address register pair, 1108 and 1109. These facilitate fast block data transfers between locations within the same area of the volatile data memory 705. This is the only area of memory with sufficiently fast write cycle times to make it worth implementing the extra pair of address registers.

Instructions from the privileged instruction memory 702 or the non-volatile instruction memory 703 are supplied to the central processing unit 701 over an instruction bus 1111. Data from the non-volatile data memory 704 or the volatile data memory 705 are supplied to the central processing unit 701 over a separate data bus 1110. This arrangement permits an instruction fetch cycle to be performed simultaneously with a data read or write cycle, thus speeding up operations. This arrangement is generally referred to as Harvard Architecture.

The four memories 702, 703, 704 and 705 are all able to perform a read operation within fifty nanoseconds. A one hundred and twenty-eight bit cache is used to ensure this speed of access can be maintained most of the time; if a read operation is required from a location which is not currently stored in the cache, a wait state is inserted automatically.

The volatile data memory 705 is also able to perform a write operation. The central processing unit is arranged to execute instructions in a single clock cycle, wherein said clock cycle has a minimum time of fifty nanoseconds. Thus, the central processing unit and the memories are able to operate synchronously at an instruction rate of twenty million instructions per second (MIPS).

Public key cryptography systems are used extensively in financial transactions, and their widespread use is anticipated in smart cards. A difficulty with known public key cryptosystems, such as RSA, is the requirement for long multiplication of large integers, having two hundred and fifty-six, five hundred and twelve or more binary digits. Even when using a central processing unit running at twenty million instructions per second, highly secure public key cryptosystems may require several seconds to perform a single encrypted transaction. A typical financial transaction may require ten complete encrypted message transfers, theoretically requiring over a minute of processing time using existing technology. This presents a major barrier to the widespread adoption of smart cards. For example, if a smart card is to be used to pay for a ticket on public transport, for example a bus, pausing for tens of seconds for each person in a long queue may be considered unacceptable.

Research into cryptography is accelerating, due to the simultaneous increased demand for electronic money and the availability of processing power which may be used to break cryptographic codes. However, proposed cryptographic systems which provide the level of security required for widespread adoption of smart cards as a replacement for printed currency require a level of processing power not available in standard low cost microcontroller architectures such as 8051, 6805 or similar devices. The ability to perform public key decryption and encryption according to protocols such as RSA, DSS and CAFE in a reasonable time is considered essential for an effective smart card design.

The cryptographic logic unit 1101, shown in FIG. 11, is used to speed up the process of performing public key cryptographic transactions, and can multiply binary numbers having up to six hundred and forty bits. There are, however, several technical difficulties which need to be overcome if such a device is to be integrated into a reasonably small area of silicon. The first major problem is one of speed. Components of the cryptographic logic unit 1101 may be operated at a high instruction rate of sixty million instructions per second. However, supplying enough instructions to the cryptographic logic unit 1101 to enable it to execute a new instruction on every one of its clock cycles represents a considerable technical challenge.

Firstly, there is no room on the chip for a memory area dedicated to storing and supplying instructions for the cryptographic logic unit 1101. But the privileged instruction memory 702 has an access time of fifty nanoseconds, which corresponds to a read rate three times slower than the instruction rate. In FIG. 11, a thirty-two bit wide microcode bus supplies instructions from the privileged instruction memory 702 to the cryptographic logic unit 1101 at the maximum memory read rate of twenty million read cycles per second. While instructions are supplied from the privileged instruction memory to the microcode bus, instructions cannot be simultaneously supplied to the central processing unit. It is therefore possible to share various hardware components involved in the sequencing of instructions, and thereby reduce the area of silicon required.

Connections from the privileged instruction memory 702 to the microcode bus 1102 shown in FIG. 11 are detailed in FIG. 12. Page bits and offset bits from either registers 715 and 716 or registers 1104 and 1105 may be considered as forming a sixteen bit address word 1201, comprising individual address lines labelled A0 through to A15. The most significant twelve of these sixteen bits, A4 to A15, are supplied as an address to the privileged instruction memory 702, which is arranged as five hundred and twelve locations, each having one hundred and twenty-eight data bits. Only nine of the address lines, A4 to A12, are needed to access the five hundred and twelve locations, so A13 to A15 are left unconnected. Subsequent designs may easily be configured to hold larger amounts of memory simply by connecting these unused address lines to a larger read-only memory array.

The data from each location in the privileged instruction memory is considered as comprising four thirty-two bit data words, thus forming a type of cache, which are fed to a four way multiplexer 1202. One of these four words is then selected as the output of the multiplexer 1202, according to the two address lines A3 and A2 which are supplied to it. In this way, a thirty-two bit data word may be selected with an access time of fifty nanoseconds, provided the thirty-two bit word was already available within the one hundred and twenty-eight bit memory array output. If this is not the case, memory control logic circuits automatically insert a wait state into the instruction fetch cycle, such that a different one hundred and twenty-eight bit word may be fetched, which contains the desired thirty-two bit word.

This thirty-two bit data word may be supplied directly to the microcode bus 1102 when the cryptographic logic unit 1101 is operating. Alternatively, when fetching instructions for the central processing unit 701, the thirty-two bit output from multiplexer 1202 is supplied to another multiplexer 1203 as a pair of sixteen bit words, selected by address line A1. The selected sixteen bit output from multiplexer 1203 is further sub-divided into a pair of eight bit words, or bytes, which are supplied to a third multiplexer 1204. The output of multiplexer 1204 is selected by the least significant address line, A0, and supplies instruction data to the instruction bus 1111 a byte at a time, at a rate of twenty million instructions per second. The most significant eight bits of the sixteen bit output from the second multiplexer 1203 are also available to supply data to the data bus 1110. This connection is not shown in FIG. 11, for reasons of legibility. The purpose of this arrangement is to ensure that certain multi-byte instructions, for example those in which an immediate data value is specified as part of the instruction, may also be executed at the maximum instruction rate of twenty million instructions per second.
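The address decoding of FIG. 12 and the one-line, one hundred and twenty-eight bit cache described above can be checked with a short model. The C below is an added example, not the patent's own logic: the memory contents are a constructed pattern, and since the text does not say whether a '1' on A1 or A0 selects the more or the less significant half or byte, the model assumes the more significant one.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define LOCATIONS      512   /* 512 x 128-bit privileged instruction memory 702 */
#define WORDS_PER_LINE   4   /* four 32-bit words per 128-bit location */

struct imem {
    uint32_t rom[LOCATIONS][WORDS_PER_LINE];
    uint32_t line[WORDS_PER_LINE]; /* latched 128-bit array output: the one-line cache */
    int      line_tag;             /* location currently held, -1 = nothing yet */
    int      wait_states;          /* inserted by the memory control logic */
};

/* Result of one fetch: the 32-bit word for the microcode bus 1102, or for the
 * CPU the instruction byte for bus 1111 plus the byte offered to data bus 1110,
 * and whether a wait state was inserted.                                     */
struct fetch {
    uint32_t word32;
    uint8_t  instr;
    uint8_t  imm;
    bool     wait;
};

static void imem_init(struct imem *m)
{
    for (int loc = 0; loc < LOCATIONS; loc++)
        for (int w = 0; w < WORDS_PER_LINE; w++)   /* constructed content */
            m->rom[loc][w] = ((uint32_t)loc << 16) | ((uint32_t)w << 8) | (0xA0u + (uint32_t)w);
    m->line_tag = -1;
    m->wait_states = 0;
}

/* FIG. 12 decoding of the sixteen bit address 1201. A4..A12 select the location
 * (A13..A15 are unconnected), A3..A2 the word (multiplexer 1202), A1 the half
 * (multiplexer 1203) and A0 the byte (multiplexer 1204). Assumption: a '1'
 * selects the more significant half or byte.                                 */
static struct fetch imem_fetch(struct imem *m, uint16_t addr)
{
    struct fetch f = {0, 0, 0, false};
    int loc  = (addr >> 4) & 0x1FF;
    int word = (addr >> 2) & 0x3;
    int half = (addr >> 1) & 0x1;
    int byte =  addr       & 0x1;

    if (m->line_tag != loc) {   /* not in the 128-bit output: wait state, refetch */
        for (int w = 0; w < WORDS_PER_LINE; w++) m->line[w] = m->rom[loc][w];
        m->line_tag = loc;
        m->wait_states++;
        f.wait = true;
    }
    f.word32 = m->line[word];
    uint16_t w16 = (uint16_t)(f.word32 >> (half ? 16 : 0));
    f.instr = (uint8_t)(w16 >> (byte ? 8 : 0));
    f.imm   = (uint8_t)(w16 >> 8);   /* high byte of the 16-bit output, for the data bus */
    return f;
}

/* Sequential fetch of n 32-bit microcode words from addr; returns the wait
 * states that were needed, i.e. one for every 128-bit line entered.         */
static int microcode_run(struct imem *m, uint16_t addr, int n)
{
    int before = m->wait_states;
    for (int i = 0; i < n; i++) imem_fetch(m, (uint16_t)(addr + 4 * i));
    return m->wait_states - before;
}

int main(void)
{
    static struct imem m;      /* static: keeps the 8 KiB array off the stack */
    imem_init(&m);
    struct fetch f = imem_fetch(&m, 0x0014);
    printf("addr 0x0014: word 0x%08X instr 0x%02X imm 0x%02X wait %d\n",
           f.word32, f.instr, f.imm, f.wait);
    printf("16 sequential microcode words: %d wait states\n", microcode_run(&m, 0x0100, 16));
    return 0;
}
```

Sixteen consecutive thirty-two bit microcode fetches cost four wait states, one per one hundred and twenty-eight bit line; within a line the thirty-two bit word, and for the CPU the instruction byte together with the neighbouring immediate byte, come out at the fifty nanosecond rate.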

Instructions supplied to the cryptographic logic unit 1101 are therefore supplied as thirty-two bit words. The treatment of these words is detailed in FIG. 13a, FIG. 13b and FIG. 13c. In FIG. 13a, the thirty-two bit microcode is shown as comprising four bytes. These four bytes may change at a rate of twenty million times a second, which is only a third of the instruction rate of the cryptographic logic unit 1101. Thus each byte is considered as an instruction, and the bytes are selected sequentially at the higher instruction rate of sixty MIPS.

Each byte comprises two parts, shown in FIG. 13b. The eight bits usually define an operation in the cryptographic logic unit 1101. However, three bits may be used to define a two dimensional hardware looping counter. Thus when the three bit combination has the binary value 101, the value in the remaining five bits is used to define the outer loop count for a two dimensional hardware loop counter. If the three bits have the value 111, the other five bits define the inner loop count for the two dimensional hardware loop counter. Other combinations of the three bits enable all eight to be considered as defining a particular operation instruction for the cryptographic logic unit 1101.

Thus a two dimensional loop structure is provided, such that an inner loop may comprise instructions to be executed n times, with an outer loop comprising groups of instructions, including inner loop instructions, to be executed m times. Thus, inner loop instructions are executed a total of (n × m) times.

The importance of looping can be seen when the instruction rate is considered. If bytes are removed from the memory at a rate of sixty million per second, the length of a microcode sequence could easily consume valuable memory space. By providing two dimensional hardware looping, memory space is conserved by reducing instruction redundancy.

The cryptographic logic unit 1101 comprises a number of complex circuit elements, each of which requires control by an electrical signal in order to define its operation. The eight bits which define a cryptographic operation are therefore decoded, as shown in FIG. 13c. A sixty-four location read-only memory 1331 contains sixty data bits in each of its memory locations. Thus sixty-four possible combinations of sixty control lines may be defined. In this way, the cryptographic logic unit 1101 has all sixty of its control lines updated at a rate of sixty million times per second.
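The byte format of FIG. 13b, the ROM decode of FIG. 13c and the two dimensional loop of the preceding paragraphs, as an added example in C that is not the patent's microcode or ROM contents. Assumed, because the text does not fix them: the tag occupies the top three bits of the byte, an operation's low six bits index the sixty-four location ROM, a zero byte is the end-of-sequence operation, and a sequence is laid out as an outer count, some operations, an inner count, further operations, then end.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ROM_LOCATIONS 64
#define CONTROL_LINES 60
#define CONTROL_MASK  ((1ull << CONTROL_LINES) - 1)
#define OP_END        0x00   /* assumed code for the end-of-sequence operation */
#define MAX_BODY      64

enum micro_kind { MK_OUTER_COUNT, MK_INNER_COUNT, MK_OPERATION };

struct microop {
    enum micro_kind kind;
    uint8_t  count;     /* five-bit loop count for the two count kinds */
    uint64_t control;   /* the sixty control lines for an operation */
};

/* Stand-in for the 64 x 60-bit read-only memory 1331: a constructed pattern
 * that gives every location a distinct control word.                       */
static uint64_t rom_lookup(unsigned idx)
{
    return ((uint64_t)(idx + 1) * 0x0123456789ABull) & CONTROL_MASK;
}

/* FIG. 13b. Assumption: the three tag bits are the most significant three.
 * 101 -> outer loop count in the low five bits, 111 -> inner loop count;
 * any other tag makes the byte an operation and (assumption) its low six
 * bits select one of the 64 ROM locations (FIG. 13c).                      */
static struct microop decode_byte(uint8_t b)
{
    struct microop op = {MK_OPERATION, 0, 0};
    unsigned tag = b >> 5;
    if (tag == 0x5)      { op.kind = MK_OUTER_COUNT; op.count = b & 0x1F; }
    else if (tag == 0x7) { op.kind = MK_INNER_COUNT; op.count = b & 0x1F; }
    else                 { op.control = rom_lookup(b & 0x3F); }
    return op;
}

/* Executes a microcode sequence laid out as  [OUTER m] a... [INNER n] b... END
 * This layout is a hypothetical convention: the description fixes only the
 * meaning of the count bytes and that inner instructions run n.m times in
 * total. Operations in a... run m times, those in b... run n.m times.
 * Returns the number of control-line updates issued; *last receives the
 * final control word.                                                       */
static long run_sequence(const uint8_t *seq, size_t len, uint64_t *last)
{
    uint64_t a[MAX_BODY], b[MAX_BODY];
    size_t na = 0, nb = 0;
    unsigned outer = 1, inner = 1;
    int in_inner = 0;
    long issued = 0;

    for (size_t i = 0; i < len; i++) {
        if (seq[i] == OP_END) break;
        struct microop op = decode_byte(seq[i]);
        if (op.kind == MK_OUTER_COUNT)       outer = op.count;
        else if (op.kind == MK_INNER_COUNT)  { inner = op.count; in_inner = 1; }
        else if (in_inner && nb < MAX_BODY)  b[nb++] = op.control;
        else if (!in_inner && na < MAX_BODY) a[na++] = op.control;
    }
    for (unsigned m = 0; m < outer; m++) {
        for (size_t i = 0; i < na; i++) { *last = a[i]; issued++; }
        for (unsigned n = 0; n < inner; n++)
            for (size_t i = 0; i < nb; i++) { *last = b[i]; issued++; }
    }
    return issued;
}

int main(void)
{
    /* constructed sequence: outer 3, two ops, inner 4, three ops, end */
    const uint8_t seq[] = {0xA3, 0x01, 0x02, 0xE4, 0x10, 0x11, 0x12, OP_END};
    uint64_t last = 0;
    long issued = run_sequence(seq, sizeof seq, &last);
    printf("%zu microcode bytes -> %ld control-line updates at 60 MIPS\n", sizeof seq, issued);
    return 0;
}
```

With m = 3 and n = 4, eight bytes of microcode produce 42 control-line updates: the 3 × 4 = 12 repetitions of the three-operation inner body that the text describes, plus three passes over the two operations outside it. That ratio is the memory saving the looping hardware buys.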

Referring once more to the arrangement shown in FIG. 11, the cryptographic logic unit 1101 also has a dedicated sixteen bit cryptographic data bus 1103, over which data may be supplied to or from the non-volatile data memory 705. A multiplexing arrangement analogous to that shown in FIG. 12 is used to provide high speed sixty MIPS access to the otherwise comparatively slow volatile data memory 705. The major difference is that the data multiplexing arrangement is bidirectional, whereas instructions are never written from the cryptographic logic unit 1101 to the privileged instruction memory 702.

Instructions are supplied from the privileged instruction memory 702 to the central processing unit 701 or the cryptographic logic unit 1101. Immediately after power is applied, or a reset condition, the first instruction is executed from the privileged instruction memory 702. When it is necessary to perform data processing using the cryptographic logic unit 1101, a special command, known by the mnemonic SPAS, is issued to the central processing unit 701, which then co-ordinates circuitry to enable instructions to be supplied directly to the cryptographic logic unit 1101 thereafter. Instructions following SPAS will be decoded as indicated in FIG. 13a, FIG. 13b and FIG. 13c. One of the instructions which may be supplied to the cryptographic logic unit 1101 signifies an end of the cryptographic instruction sequence. The cryptographic logic unit 1101 then sets an interrupt control line, resulting in a return of control to the central processing unit 701, with subsequent instruction bytes supplied and decoded therein.

The design of the cryptographic logic unit 1101 is such that, although data manipulation is performed using registers having dynamic memory elements, intermediate results will not lose their validity if left for longer than the decay time of one of said dynamic memory elements, which is in the order of a millisecond or two. Furthermore, the registers contained in the cryptographic logic unit include address-less shift registers, thereby reducing the number of control lines required to define an operation. Address-less registers facilitate high speed operation using a reduced area of silicon. The address-less registers can perform multi-dimensional bit transfers in accordance with the requirements of various data encryption procedures. Thus, shift registers in the cryptographic logic unit overlap and intersect the processing registers to cope with high performance multi-dimensional pipelining. This method allows bit oriented processing, while the general operation is on a word basis.

The method of supplying instructions to the cryptographic logic unit is highly versatile, as the particular calculations which it performs are divided up into several discrete logical steps defined as instructions in the privileged instruction memory 702. Thus, should it be necessary to define improved functionality, different instructions may be provided, rather than a redesign of the cryptographic logic unit.

As is known, it is highly desirable to keep the area of silicon required to implement a particular circuit to the minimum. Larger chips have a lower manufacturing yield, and therefore a disproportionately higher cost. Furthermore, when used in smart cards, larger chips are more prone to failure in the field.

A problem with operating the cryptographic logic unit at such a high instruction rate is the requirement for a high speed oscillator. Clock signals are typically supplied to a smart card having frequencies in the order of three megahertz. Supplying a sixty megahertz signal via a smart card terminal is impractical, due to the deterioration in quality of such a high frequency clock signal over only a few centimeters of connecting wire. A quartz crystal is too large to fit into the physical restrictions imposed by accepted international smart card standards, and would also be expensive.

A solution is shown in FIG. 14. A local oscillator 1401 on the chip oscillates within a known range of frequencies, and can be made to oscillate at sixty megahertz by application of an analogue correction signal 1408. The output from the local oscillator 1401 is supplied to a counter 1402, having a multi-bit output which increments on each cycle of the local oscillator. A three megahertz external clock is supplied to the smart card chip via a clock terminal 1405. This signal is supplied to a divider 1404, which generates an output frequency of which the external clock is an integer multiple.

The frequency output from the divider 1404 and the count value from the counter are supplied to synchronising logic 1403, which samples the output of the counter 1402 once for each clock cycle supplied from the divider 1404. This sample is then supplied to the central processing unit 701, which calculates a frequency correction factor in accordance with known properties of the circuit. The frequency correction factor is supplied to a latch 1407, whose output is supplied to a digital to analogue converter 1406. The digital to analogue converter 1406 is not complex, as the settling time of its output does not have to be short. The output of the digital to analogue converter 1406 is supplied to the local oscillator 1401, which then oscillates at a frequency substantially closer to sixty megahertz. Further iterations of this loop process may be performed as a method of achieving higher accuracy, or compensating for temperature drift if the card is to be powered for an extended period of time. The sixty megahertz clock is subdivided by three in order to provide a twenty megahertz clock for circuitry other than the cryptographic logic unit 1101. It should be noted that the value supplied to the digital to analogue converter 1406 is supplied by an instruction which is only executable from the privileged instruction memory 702.
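The correction loop of FIG. 14 can be simulated: count the local oscillator cycles in one divider period, compare with the count expected at sixty megahertz, and move the DAC code accordingly. The C below is an added example, not the patent's firmware: the divider ratio, the twelve-bit DAC, the linear oscillator law and the figures for it are constructed. It also shows that the CPU's estimate of the oscillator's sensitivity may be off (here by twenty percent) and the iterated loop still settles on the target.

```c
#include <stdio.h>

#define TARGET_HZ    60000000LL  /* sixty megahertz for the cryptographic logic unit */
#define EXT_CLOCK_HZ  3000000LL  /* three megahertz at clock terminal 1405 */
#define DIVIDER          3000LL  /* assumed ratio for divider 1404: a 1 kHz sample window */
#define DAC_MAX            4095  /* assumed: twelve-bit digital to analogue converter 1406 */

/* Assumed behaviour of local oscillator 1401: frequency rises linearly with the
 * DAC code. The figures used below are constructed, not from the description. */
struct oscillator {
    long long base_hz;      /* frequency at DAC code zero */
    long long hz_per_lsb;   /* true change in frequency per DAC step */
    int       dac;          /* code held in latch 1407 */
};

static long long osc_frequency(const struct oscillator *o)
{
    return o->base_hz + o->hz_per_lsb * o->dac;
}

/* Counter 1402 as sampled by synchronising logic 1403 once per divider period:
 * local oscillator cycles in one window of DIVIDER / EXT_CLOCK_HZ seconds.  */
static long long sample_count(const struct oscillator *o)
{
    return osc_frequency(o) * DIVIDER / EXT_CLOCK_HZ;
}

/* The count the CPU expects when the oscillator is exactly on target (60000). */
static long long expected_count(void)
{
    return TARGET_HZ * DIVIDER / EXT_CLOCK_HZ;
}

/* Integer division rounded half away from zero, so the model needs no libm. */
static long long div_round(long long num, long long den)
{
    return num >= 0 ? (num + den / 2) / den : -((-num + den / 2) / den);
}

/* One pass of the FIG. 14 loop as performed by the CPU 701: read the sample,
 * turn the count error into a frequency error, and move the DAC code by the
 * estimated number of steps. 'est_hz_per_lsb' is the CPU's model of the
 * oscillator (the "known properties of the circuit"); it need not match the
 * silicon exactly, since the loop is iterated. On the chip the write to the
 * DAC is an instruction executable only from the privileged instruction memory. */
static void correct_once(struct oscillator *o, long long est_hz_per_lsb)
{
    long long err_counts = expected_count() - sample_count(o);
    long long err_hz     = err_counts * (EXT_CLOCK_HZ / DIVIDER);  /* one count per 1 ms window = 1 kHz */
    long long dac        = o->dac + div_round(err_hz, est_hz_per_lsb);
    if (dac < 0)       dac = 0;
    if (dac > DAC_MAX) dac = DAC_MAX;
    o->dac = (int)dac;
}

/* Runs 'iterations' passes and returns the remaining frequency error in Hz. */
static long long calibrate(struct oscillator *o, long long est_hz_per_lsb, int iterations)
{
    for (int i = 0; i < iterations; i++) correct_once(o, est_hz_per_lsb);
    return osc_frequency(o) - TARGET_HZ;
}

/* The sixty megahertz clock divided by three for the rest of the chip. */
static long long cpu_clock_hz(const struct oscillator *o)
{
    return osc_frequency(o) / 3;
}

int main(void)
{
    /* constructed: oscillator at 52 MHz with DAC code 0, 5 kHz per step;
     * the CPU's estimate of the sensitivity is deliberately 20 percent low */
    struct oscillator o = { 52000000LL, 5000LL, 0 };
    for (int i = 1; i <= 8; i++) {
        long long err = calibrate(&o, 4000LL, 1);
        printf("iteration %d: dac %4d, error %+lld Hz\n", i, o.dac, err);
    }
    printf("CPU clock: %lld Hz\n", cpu_clock_hz(&o));
    return 0;
}
```

Because the estimate is low, the first correction overshoots to sixty-two megahertz; each further pass shrinks the error by the factor 1 - (true/estimated) = -0.25, and the integer DAC code settles on 1600, exactly sixty megahertz, after seven passes. The same loop, run periodically, is what the text relies on for compensating temperature drift.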

In order to conserve power, the central processing unit 701 may control an I/O register on the chip, such that the sixty megahertz clock is prevented from clocking circuits in the cryptographic logic unit 1101.

An additional component, not shown in FIG. 11 for reasons of clarity, is a noise source. Several cryptographic procedures benefit from seeding algorithms with a genuinely random value, as opposed to a pseudo random value generated digitally using shift registers and gates. Thus, in a preferred embodiment, a physical noise source is integrated onto the same chip die as the rest of the circuitry that has already been described.

The invention provides improved security for many smart card applications, along with high processing power from a relatively small area of silicon. Such a device has a wide range of applications. These include: secure access to information over an insecure network, such as the internet, without exposing security keys; point to point encryption of voice conversations, fax messages or modem tones; and securing data on removable hard disk drives.

We claim:
 1. A single chip integrated circuit comprising an integrated circuit on a single chip having processing means arranged to process instructions supplied from storage means, characterized in that said storage means comprises a first storage region and a second storage region; first instructions are selectively supplied to said processing means from said first storage region and said second region; and enabling means are arranged to enable said processing means to be responsive to privileged instructions if said first instructions are received from said first storage region, and to disable said processing means from being responsive to said privileged instructions if said first instructions are received from said second storage region.
 2. A circuit according to claim 1, wherein said single chip is encapsulated in a smart card and said second instruction storage region is configurable to receive instructions from a smart card terminal.
 3. A single chip integrated circuit having processing means arranged to process instructions supplied from storage means, characterized in that said storage means comprises a first storage region and a second storage region; first instructions are selectively supplied to said processing means from said first storage region and said second region; and enabling means are arranged to enable said processing means to be responsive to privileged instructions if said first instructions are received from said first storage region, and to disable said processing means from being responsive to said privileged instructions if said first instructions are received from said second storage region, including paged addressing means arranged to supply addresses to an instruction storage region, wherein said paged addressing means is changeable only by protected instructions supplied from said first storage region.
 4. A single chip integrated circuit having processing means arranged to process instructions supplied from storage means, characterized in that said storage means comprises a first storage region and a second storage region; first instructions are selectively supplied to said processing means from said first storage region and said second region; and enabling means are arranged to enable said processing means to be responsive to privileged instructions if said first instructions are received from said first storage region, and to disable said processing means from being responsive to said privileged instructions if said first instructions are received from said second storage region, having a plurality of processing means wherein said first storage region includes multiplexing means arranged to select destination processing means for receiving instructions.
 5. A circuit according to claim 4, wherein a first destination processing means is arranged to receive and decode instructions from said first storage region at a first instruction rate and a second destination processing means is arranged to receive and decode instructions from said first storage region at a second instruction rate.
 6. A method of processing instructions read from storage means, characterized in that said storage means comprises a single chip integrated circuit having a first storage region and a second storage region; first instructions are selectively supplied to a processing means from said storage regions; and enabling means are arranged to enable said processing means to be responsive to privileged instructions if said first instructions are received from said first storage region, and said enabling means are arranged to disable said processing means from being responsive to said privileged instructions if said first instructions are received from said second storage region.
 7. A method of processing instructions read from storage means, characterized in that said storage means comprises a first storage region and a second storage region; first instructions are selectively supplied to a processing means from said storage regions; and enabling means are arranged to enable said processing means to be responsive to privileged instructions if said first instructions are received from said first storage region, and said enabling means are arranged to disable said processing means from being responsive to said privileged instructions if said first instructions are received from said second storage region, wherein regions of memory are divided into addressable pages and page selection is controlled in response to instructions from said first storage region.
 8. A method according to claim 7, wherein said processing means is configured to select a source of instructions and protected instructions are prevented from being executed.
 9. A method of processing instructions read from storage means, characterized in that said storage means comprises a first storage region and a second storage region; first instructions are selectively supplied to a processing means from said storage regions; and enabling means are arranged to enable said processing means to be responsive to privileged instructions if said first instructions are received from said first storage region, and said enabling means are arranged to disable said processing means from being responsive to said privileged instructions if said first instructions are received from said second storage region, wherein said processing means is configured to select a source of instructions and protected instructions are prevented from being executed, wherein said protected instructions are selectively prevented from being executed in response to a control signal from decoding means.
 10. A method according to claim 9, wherein a processing means is a cryptographic processing means.